Cyber Resilience News June 5, 2018

Catch up on the past week’s news in cybersecurity.

News this week reminded us that phishing and whaling are not going away, they’re actually on the rise. Just ask Goliath and Goliath who suffered a phishing attack last week. GDPR continues to make headlines this time in the context of blockchain. And more companies are discovering that are not as compliant with GDPR as they thought they were. A scam involving the World Cup also made headlines this week as opportunistic attackers take advantage of those trying to get their tickets.

Local comedy and entertainment agency, Goliath & Goliath has been the latest to fall victim to an email scam. The hackers took R300 000 from the company through phishing. They gained access to the company's emails and requested clients to make payments to a different bank account.

Technology is double-edged and organisations, reliant on modern technological tools, should also invest in defences against cyber attacks to become resilient. While technology helps businesses to conveniently access or deliver a variety of services, it also exposes them to risks. When computers connect to a network and begin communicating with others, they are exposed to risk.

Analytics, security and data-governance vendors are lining up to help businesses that have been caught out by the activation of the European Union’s general data privacy regulation (GDPR) and the looming introduction of similar Australian policies that threaten to overrun companies with consumer data requests.

The Information Regulator is not yet fully functional and able to deal with the latest data leak that saw close to a million records of South Africans being exposed. So said chairperson of the Information Regulator, advocate Pansy Tlakula, in a telephonic interview with ITWeb this morning. South Africans have suffered another massive data leak which has resulted in close to a million personal records being exposed.

Blockchain promises immutable records. GDPR promises the right to be forgotten. How will this work out? Blockchain ranks right up there as the tech hype darling of the moment. Though blockchain is much less mature than say, AI, IT leaders are keeping a close eye on how blockchain may reshape vertical markets (such as finance) and functions (such as supply chain). Now some industry watchers are asking whether blockchain is headed for a bit of a collision with the European Union’s General Data Protection Regulation (GDPR).

The Office of Management and Budget reports that the federal government is a shambles — cybersecurity-wise, anyway. All told, nearly three quarters of federal agencies have cybersecurity programs that qualified as either “at risk” (significant gaps in security) or “high risk” (fundamental processes not in place).

Researchers looked at the difference in time between when an exploit is publicly available for a given vulnerability and the first time that a vulnerability is assessed and found the attacker has the first-mover advantage 76 percent of analyzed vulnerabilities, according to the firms Quantifying The Attacker's First-Mover Advantage report.

It seems the path to GDPR is fraught with GDPR violations – at least for privacy browser Ghostery, which exposed the email addresses of users to other users when it sent out GDPR notification emails Friday. Ghostery said it " will be reporting the incident as mandated by the GDPR" and has stopped distributing the email.

Cyberattacks on companies continue to grow more prevalent, sophisticated and dangerous. Organized criminals steal banking records, terrorists launch ransomware attacks, and state actors slip into information systems and go quiet until they see an opportunity to exploit their presence.

When it comes to security, there are more than enough tools on the market that tout the ability to shore up the ever-increasing number of threats. That’s all well and good, but simply relying on those isn’t nearly enough.

With just weeks until the start of World Cup 2018, fans across the world are busy getting excited to support their heroes. However ticket-hungry supporters still hoping to travel to Russia have been warned to beware a number of online scams targeting those desperate to see some action.

The Coca-Cola company announced a data breach incident this week after a former employee was found in possession of worker data on a personal hard drive. The company learned of the security breach last September after law enforcement officials contacted Coca-Cola.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox